package org.trellisldp.auth.basic;

import java.io.File;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Priority;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;
import org.eclipse.microprofile.config.Config;
import org.eclipse.microprofile.config.ConfigProvider;

@Provider
@Priority(1000)
/* loaded from: input_file:org/trellisldp/auth/basic/BasicAuthFilter.class */
public class BasicAuthFilter implements ContainerRequestFilter {
    public static final String CONFIG_AUTH_BASIC_CREDENTIALS = "trellis.auth.basic.credentials";
    public static final String CONFIG_AUTH_REALM = "trellis.auth.realm";
    public static final String CONFIG_AUTH_ADMIN_USERS = "trellis.auth.admin-users";
    public static final String ADMIN_ROLE = "admin";
    private File file;
    private String challenge;
    private Set<String> admins;

    /* loaded from: input_file:org/trellisldp/auth/basic/BasicAuthFilter$BasicAuthSecurityContext.class */
    private static final class BasicAuthSecurityContext implements SecurityContext {
        private final Principal principal;
        private final Set<String> admins;
        private final boolean secure;

        private BasicAuthSecurityContext(Principal principal, Set<String> set, boolean z) {
            this.principal = principal;
            this.secure = z;
            this.admins = set;
        }

        public Principal getUserPrincipal() {
            return this.principal;
        }

        public boolean isSecure() {
            return this.secure;
        }

        public String getAuthenticationScheme() {
            return "BASIC";
        }

        public boolean isUserInRole(String str) {
            return BasicAuthFilter.ADMIN_ROLE.equals(str) && this.admins.contains(this.principal.getName());
        }
    }

    public BasicAuthFilter() {
        Config config = ConfigProvider.getConfig();
        this.file = (File) config.getOptionalValue(CONFIG_AUTH_BASIC_CREDENTIALS, String.class).map(File::new).orElse(null);
        this.challenge = "Basic realm=\"" + ((String) config.getOptionalValue(CONFIG_AUTH_REALM, String.class).orElse("trellis")) + "\"";
        this.admins = Collections.unmodifiableSet(getConfiguredAdmins(config));
    }

    @Deprecated
    public BasicAuthFilter(String str) {
        this(new File(str));
    }

    @Deprecated
    public BasicAuthFilter(File file) {
        this(file, ConfigProvider.getConfig());
    }

    private BasicAuthFilter(File file, Config config) {
        this(file, (String) config.getOptionalValue(CONFIG_AUTH_REALM, String.class).orElse("trellis"), getConfiguredAdmins(config));
    }

    @Deprecated
    public BasicAuthFilter(File file, String str, Set<String> set) {
        this.file = file;
        this.challenge = "Basic realm=\"" + str + "\"";
        this.admins = Collections.unmodifiableSet((Set) Objects.requireNonNull(set, "admins set may not be null!"));
    }

    public void setFile(File file) {
        this.file = (File) Objects.requireNonNull(file, "Credentials file may not be null!");
    }

    public void setChallenge(String str) {
        this.challenge = (String) Objects.requireNonNull(str, "Challenge may not be null!");
    }

    public void setAdmins(Set<String> set) {
        this.admins = (Set) Objects.requireNonNull(set, "Admin set may not be null!");
    }

    public void filter(ContainerRequestContext containerRequestContext) {
        boolean z = containerRequestContext.getSecurityContext() != null && containerRequestContext.getSecurityContext().isSecure();
        String credentials = getCredentials(containerRequestContext);
        if (credentials != null) {
            Principal authenticate = authenticate(credentials);
            if (authenticate == null) {
                throw new NotAuthorizedException(this.challenge, new Object[0]);
            }
            containerRequestContext.setSecurityContext(new BasicAuthSecurityContext(authenticate, this.admins, z));
        }
    }

    private Principal authenticate(String str) {
        Credentials parse = Credentials.parse(str);
        if (parse == null || this.file == null || !this.file.exists()) {
            return null;
        }
        Stream<String> uncheckedLines = BasicAuthUtils.uncheckedLines(this.file.toPath());
        Throwable th = null;
        try {
            try {
                Principal principal = (Principal) uncheckedLines.map((v0) -> {
                    return v0.trim();
                }).filter(str2 -> {
                    return !str2.startsWith("#");
                }).map(str3 -> {
                    return str3.split(":", 3);
                }).filter(strArr -> {
                    return strArr.length == 3;
                }).filter(strArr2 -> {
                    return strArr2[0].trim().equals(parse.getUsername()) && strArr2[1].trim().equals(parse.getPassword());
                }).map(strArr3 -> {
                    return strArr3[2].trim();
                }).findFirst().map(BasicPrincipal::new).orElse(null);
                if (uncheckedLines != null) {
                    if (0 != 0) {
                        try {
                            uncheckedLines.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        uncheckedLines.close();
                    }
                }
                return principal;
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (uncheckedLines != null) {
                if (th != null) {
                    try {
                        uncheckedLines.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    uncheckedLines.close();
                }
            }
            throw th4;
        }
    }

    private String getCredentials(ContainerRequestContext containerRequestContext) {
        String headerString = containerRequestContext.getHeaderString("Authorization");
        if (headerString == null) {
            return null;
        }
        String[] split = headerString.split(" ", 2);
        if (split.length == 2 && split[0].equalsIgnoreCase("BASIC")) {
            return split[1];
        }
        return null;
    }

    private static Set<String> getConfiguredAdmins(Config config) {
        return (Set) Arrays.stream(((String) config.getOptionalValue(CONFIG_AUTH_ADMIN_USERS, String.class).orElse("")).split(",")).map((v0) -> {
            return v0.trim();
        }).collect(Collectors.toSet());
    }
}
